[Freeipa-users] Disable IPA Web UI auto-login
Dmitri Pal
dpal at redhat.com
Wed Jul 14 13:19:45 UTC 2010
Shan Kumaraswamy wrote:
> Dear All,
>
>
>
> Can anyone let me know how to disable IPA admin “auto-login” from
> FreeIPA server, basically I need to use this URL
> https://ipaserver.example.com/ipa/ui and should ask user name and
> password every time while opening the login page,
>
This is not a bug. It is a feature :-)
A bit of explanation about how things work.
When admin does authentication he gets a kerberos ticket.
This ticket is used to get access to the UI (automatically). It is a
feature of kerberos.
You would not be able to login if you do not have a ticket.
If you have a ticket, this means you already proved your identity to the
server and there is no need to challenge you again.
What you are asking for is a form based authentication. It is not
implemented in IPA and not planned to be implemented in v2 because the
scheme above has same security attributes but is much more convenient.
So there is no way to disable the auto-login feature.
> and also the administrator will login via “Firefox” any machine in
> the intranet (LAN) using the IPA admin login credentials.
>
Can you explain this part please? Login into any machine? Sure if you
configured SSH to use kerberos you will be able to SSH into any machine
unless you configures some access control rules that would prevent you
from doing so.
>
> --
> Thanks & Regards
> Shan Kumaraswamy
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list